Page MenuHomePhabricator

[keyserver] Introduce `siwe_nonces` table
ClosedPublic

Authored by atul on Dec 16 2022, 8:56 AM.
Tags
None
Referenced Files
F3501940: D5883.diff
Fri, Dec 20, 3:52 AM
Unknown Object (File)
Fri, Dec 13, 9:02 PM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Subscribers
None

Details

Summary

Context: https://linear.app/comm/issue/ENG-2226/add-nonce-to-cookie-session

This table will hold nonces for the SIWE flow.

Entries will be created on calls to the siwe_nonce endpoint... at which point any "stale" nonces for a given ethereum_address will be clobbered/deleted.

Entries will be checked during calls to siwe_verify (tentative name) to ensure that the ethereum_address and nonce in the signed message match what's in the siwe_nonces table AND that the creation_time is < 30 minutes ago. After the entry is successfully checked it'll be deleted from the siwe_nonces table... we never care about the value of the nonce again.

Entries will also be "swept up" by some sort of "cron" script that runs every so often to clean up expired nonces.

Here's a rough sketch of the design that I'm working off of:

75d51d.png (1×2 px, 1 MB)

Test Plan

Table created as expected (migration):

1cf38c.png (1×1 px, 155 KB)

Table created as expected (setup db):
TBD

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

atul edited the test plan for this revision. (Show Details)
keyserver/src/database/migration-config.js
126 ↗(On Diff #19436)

Why 17 characters?

The siwe:generateNonce() function makes a call to stablelib/random: randomStringForEntropy() with 96 as the argument for number of bits of entropy.

fd5a59.png (308×968 px, 66 KB)

d1a156.png (810×1 px, 187 KB)

randomStringForEntropy has some math for determining the length of these string. I called the function with 96 bits of entropy and the value of length was 17:

dc3907.png (660×1 px, 206 KB)

Maybe we could just make it bigger to account for possibly using different nonce approach in the future, but I think this is fine for now

atul published this revision for review.Dec 16 2022, 9:06 AM
atul attached a referenced file: F287266: dc3907.png. (Show Details)
atul attached a referenced file: F287265: d1a156.png. (Show Details)
atul attached a referenced file: F287241: fd5a59.png. (Show Details)

I think we need to link the nonce to a cookie to protect against CSRF attacks, no?

ashoat requested changes to this revision.Dec 16 2022, 1:13 PM

Table needs to be tied to sessions

This revision now requires changes to proceed.Dec 16 2022, 1:13 PM
keyserver/src/database/setup-db.js
245 ↗(On Diff #19436)

Replace with session

keyserver/src/database/setup-db.js
245 ↗(On Diff #19436)

Actually let's delete this column and make nonce the primary key

remove ethereum_address column

This revision is now accepted and ready to land.Dec 17 2022, 7:58 PM
This revision was landed with ongoing or failed builds.Dec 19 2022, 9:31 AM
This revision was automatically updated to reflect the committed changes.